From: Grant Torresan (sonofthor@severus.org)
Date: Fri Nov 29 2002 - 12:12:02 EST
Since everybody seems to be pimping their own products for auditing
Lotus Domino servers, I thought this would be an appropriate time to
announce my own humble project, which deals with this subject as well.
DominoDig is an open-source (GPL) utility written by myself (Grant
Torresan) for the purpose of quickly and cheaply auditing Lotus Domino
web servers and extracting useful information from any anonymously
accessible pages that are found.
While DominoDig may not have all the features that a commercial product
like AppDetective (which sounds most impressive, BTW) or DominoScan by
NGSSoftware, I believe that it will satisfy most of the requirements of
a pen-tester for a considerably lower price (free!).
Features of note include the following:
-Searches for a large number of default notest databases.
-Parses contents of each page it accesses looking for references to
other unique (custom) .nsf databases.
-Collects email addresses and unique IP addresses that appear in any
page it indexes.
-Produces an HTML report detailing all of the information it was able
to gather, and a list of hyperlinks to each .nsf database it was able
to access anonymously.
If you are interested in trying it out, please browse to
http://dominodig.sourceforge.net for the latest release. Please note
that this software is a "work-in-progress" and as such it is being
freqently updated and new features are being added all the time. If
there is a paricular piece of information DominoDig is not searching
for that you think would be particularly useful, or if you encounter
any problems with the software, please let me know by sending me an
email at sonofthor@severus.org.
Hope this helps,
Grant Torresan.
> ----- Original Message -----
> From: "David Barnett" <dbarn064@earthlink.net>
> To: <svetsanj@hotmail.com>; <pen-test@securityfocus.com>
> Sent: Thursday, November 28, 2002 8:50 AM
> Subject: Re: Lotus Notes
>
>
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Well I must concur with Chad as Notes default installs are wide
open.
> > Rarely when doing Pen tests have I found a correctly secured
> > Notes/Domino server. Permissions are rarely correct for databases.
> > While I am sure NexPose has done a fine job with their Vuln
scanner, I
> > have tried
> <unbiased
> > commercial plug> AppDetective works really well for Lotus and Domino
> scans!!
> > You can also use N-Stealth or any of your favorite web scanners and
> > add
> the
> > following files:
> >
> > /852566C90012664F
> > /admin4.nsf
> > /admin5.nsf
> > /admin.nsf
> > /agentrunner.nsf
> > /alog.nsf
> > /a_domlog.nsf
> > /bookmark.nsf
> > /busytime.nsf
> > /catalog.nsf
> > /certa.nsf
> > /certlog.nsf
> > /certsrv.nsf
> > /chatlog.nsf
> > /clbusy.nsf
> > /cldbdir.nsf
> > /clusta4.nsf
> > /collect4.nsf
> > /da.nsf
> > /dba4.nsf
> > /dclf.nsf
> > /DEASAppDesign.nsf
> > /DEASLog01.nsf
> > /DEASLog02.nsf
> > /DEASLog03.nsf
> > /DEASLog04.nsf
> > /DEASLog05.nsf
> > /DEASLog.nsf
> > /decsadm.nsf
> > /decslog.nsf
> > /DEESAdmin.nsf
> > /dirassist.nsf
> > /doladmin.nsf
> > /domadmin.nsf
> > /domcfg.nsf
> > /domguide.nsf
> > /domlog.nsf
> > /dspug.nsf
> > /events4.nsf
> > /events5.nsf
> > /events.nsf
> > /event.nsf
> > /homepage.nsf
> > /iNotes/Forms5.nsf/$DefaultNav
> > /jotter.nsf
> > /leiadm.nsf
> > /leilog.nsf
> > /leivlt.nsf
> > /log4a.nsf
> > /log.nsf
> > /l_domlog.nsf
> > /mab.nsf
> > /mail10.box
> > /mail1.box
> > /mail2.box
> > /mail3.box
> > /mail4.box
> > /mail5.box
> > /mail6.box
> > /mail7.box
> > /mail8.box
> > /mail9.box
> > /mail.box
> > /msdwda.nsf
> > /mtatbls.nsf
> > /mtstore.nsf
> > /names.nsf
> > /nntppost.nsf
> > /nntp/nd000001.nsf
> > /nntp/nd000002.nsf
> > /nntp/nd000003.nsf
> > /ntsync45.nsf
> > /perweb.nsf
> > /qpadmin.nsf
> > /quickplace/quickplace/main.nsf
> > /reports.nsf
> > /sample/siregw46.nsf
> > /schema50.nsf
> > /setupweb.nsf
> > /setup.nsf
> > /smbcfg.nsf
> > /smconf.nsf
> > /smency.nsf
> > /smhelp.nsf
> > /smmsg.nsf
> > /smquar.nsf
> > /smsolar.nsf
> > /smtime.nsf
> > /smtpibwq.nsf
> > /smtpobwq.nsf
> > /smtp.box
> > /smtp.nsf
> > /smvlog.nsf
> > /srvnam.htm
> > /statmail.nsf
> > /statrep.nsf
> > /stauths.nsf
> > /stautht.nsf
> > /stconfig.nsf
> > /stconf.nsf
> > /stdnaset.nsf
> > /stdomino.nsf
> > /stlog.nsf
> > /streg.nsf
> > /stsrc.nsf
> > /userreg.nsf
> > /vpuserinfo.nsf
> > /webadmin.nsf
> > /web.nsf
> > /.nsf/../winnt/win.ini
> > /?Open
> >
> >
> >
> > At 01:28 AM 11/27/2002 -0500, svetsanj@hotmail.com wrote:
> >
> >
> >
> >
> > >We are doing a penetration testing for a client who has lotus
notes.
> > >We were able to access the catalog.nsf file from the web and other
> > >admin pages such as the user list page, connections page database
> > >page etc.
> > >
> > >Question is, is this just a low level threat or can a hacker use
this
> > >info to hack further. Also clicking on some of the admin pages
brings
> > >up a default page which says click here to access page. On a notes
> > >client its possible to click that page put not through http. Is
there
> > >a workaround url that bypasses that page?
> > >
> > > SKP
> > >
> > >
> > >
> > >
> > >
> >
> >---------------------------------------------------------------------
-- > >---- > - > > >This list is provided by the SecurityFocus Security Intelligence > > >Alert > (SIA) > > >Service. For more information on SecurityFocus' SIA service which > > >automatically alerts you to the latest security vulnerabilities > > >please > see: > > >https://alerts.securityfocus.com/ > > > > > > -----BEGIN PGP SIGNATURE----- > > Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com> > > > > iQA/AwUBPeYfJb4MEqovNuR+EQLxpACgv+PYardMxNP9E/rq5ZK6uGQ+GwwAn0g/ > > LYO/k86xRdalL5MLF3ZA3FW7 > > =CiDX > > -----END PGP SIGNATURE----- > > > > > > -------------------------------------------------------------------- -- > > ---- > -- > > This list is provided by the SecurityFocus Security Intelligence Alert > (SIA) > > Service. For more information on SecurityFocus' SIA service which > > automatically alerts you to the latest security vulnerabilities please > see: > > https://alerts.securityfocus.com/ > > > > -- ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:26 EDT